The original White Hat

Sat Apr 5 08:14:38 UTC 2008

Storing Fingerprints

--

Here's a story that is doing the rounds at the moment. An Australian High School (Ku-ring-gai High in NSW) had bought in to a fingerprint scanning system to handle attendance monitoring in classes. It seems that the “optional” and “opt-in” aspects of this scheme had been badly communicated to the students, parents and staff, and the system has been withdrawn.

There has been a fair bit of reporting; the best seem to be a short article from The Australian and a radio transcript from ABC AM.

However, the implementation details of this system are not terribly unique, so I won't waste much time on them. The bit I found interesting was that the system makes a big point of not actually storing the pupils' fingerprints.

Wow. A fingerprint reading system that doesn't store fingerprints?

I heard a statement read on my local radio station explaining this … I can't quote it exactly from memory, but the general theme was that the scanner converts the fingerprint into a number, and the system stores that number. It doesn't store the fingerprint itself.

This is, of course, a basic description of what computers do with all the input data that they receive. Everything is converted into a digital representation, it's all just 1s and 0s. So why tell us that? My first assumption was that the author of that statement was being breathtakingly arrogant, assuming that no-one would understand the explanation, but as it sounded computery and confident, it must be fine.

However, the ABC AM transcript provided a little more insight, from another school running the same system …

We've been trialling a system that generates, where students use their finger to sign on, on a scanner. And it is a version of a fingerprint. It generates a four-point shape, four-sided shape that generates a four-digit code that then recognises that student each time they put their finger on the scanner.

So the scanner input may well be the fingerprint, but its output into the system is essentially a one-way 4-digit hash of the scan data. This is obviously going to be non-unique across any sizeable population of students, so there would have to be some other identification token in use, like “last name”.

But that's not the real privacy concern here. The concern is that anyone with access to the system (not simply the database) will be able to identify the owner of a fingerprint – or at least, get a small short-list of candidates. If the police have a fingerprint that they "suspect may have come from a pupil" (which means, they will just check anyway if the process is easy enough) all they need to do is generate the 4-digit hash of it, and then sweep the database for matches.
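To make the size of that short-list concrete, here is an added simulation (not code from the post or from the vendor): a stand-in SHA-256 reduction to a four-digit code models only the 10,000-value output space the transcript describes, the 1,200 "scans" are constructed, and the optional key is an assumed per-deployment derivation, not anything the vendor is known to do.

```python
import hashlib
import hmac

CODE_SPACE = 10_000  # a four-digit code has only 10,000 possible values


def code_for(scan: bytes, key: bytes = b"") -> str:
    """Stand-in for the scanner's one-way reduction of a print to a
    four-digit code. The vendor's real algorithm is not public; this
    models only the size of its output. A non-empty key models a keyed,
    per-deployment derivation (an assumed mitigation, not the vendor's)."""
    digest = (hmac.new(key, scan, hashlib.sha256) if key
              else hashlib.sha256(scan)).digest()
    return f"{int.from_bytes(digest[:4], 'big') % CODE_SPACE:04d}"


def enrol(scans: dict, key: bytes = b"") -> dict:
    """Attendance database as the post describes it: code -> pupils.
    Collisions are kept, since the code alone cannot be unique."""
    db: dict = {}
    for name, scan in scans.items():
        db.setdefault(code_for(scan, key), []).append(name)
    return db


def sweep(db: dict, scan: bytes, key: bytes = b"") -> list:
    """The risk in the post: whoever can derive a code from a print can
    pull the short-list of enrolled pupils sharing it."""
    return db.get(code_for(scan, key), [])


def shortlist_stats(db: dict) -> dict:
    """How identifying a code is: pupils whose code is unique in the
    school are singled out outright; the rest land on a short-list."""
    sizes = [len(v) for v in db.values()]
    return {"codes_used": len(db),
            "unique_pupils": sizes.count(1),
            "largest_shortlist": max(sizes)}


# Constructed sample school: 1,200 pupils with synthetic "scans".
SCANS = {f"pupil{i:04d}": f"synthetic-scan-{i}".encode() for i in range(1200)}
DB = enrol(SCANS)

if __name__ == "__main__":
    print(shortlist_stats(DB))            # fewer than 1,200 distinct codes
    print(sweep(DB, SCANS["pupil0007"]))  # 'pupil0007' plus any collisions
```

With a secret key the codes cannot be regenerated from the database alone, which narrows the exposure to people who can run the system itself, exactly the distinction drawn above.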

The concern for people with personal data in storage is to see how they can ensure it is only used in the disclosed situations it is intended for, and cannot be misused. The governments probably want to ensure that the data are available. A commercial vendor is more interested in making sure that the system just simply works for what it is sold for. Which influences do you think will most strongly affect the final systems?
